I have a website (Liferay Portal 6.1, Tomcat 7.0) having the HTTP and HTTPS URLs below.
I follow the steps below and get a Forbidden error:
- I fill in the form details in the 2nd URL.
- Before submitting the form, I open the 1st URL in a new tab.
- Then if I come to the 1st URL and submit, I find a Forbidden error.
I checked the JSESSIONID in both tabs; the IDs are the same. What may be the issue? Any idea, guys?
It's not worth investing time in making HTTP/HTTPS mixed mode work (in my opinion). Bite the bullet and go HTTPS always. If you'd fix this issue now, chances are you'll run into more issues later, eating more of your time. And when you run into other issues, they're highly security sensitive.
Do yourself a favor - unconditionally redirect HTTP traffic to HTTPS. It's 2016, there's nothing unusual about it any more.
Edit after comment: Especially if it's an old system (by the way, that's obvious when you mentioned Liferay 6.1. Assuming you're using CE, it's long out of updates): configure the use of HTTPS anywhere you can get your hands on. Unconditionally add an HSTS header to take care of the rest. No need to touch the ancient logic. E.g. set
web.server.protocol=https
in portal-ext.properties. Add the HSTS header in Apache httpd unconditionally (assuming you have Apache httpd, otherwise use this Liferay app by yours truly).
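The unconditional redirect and HSTS header described in the answer above, sketched as an Apache httpd configuration. This is an added example, not part of the original answer; the hostname `portal.example.com`, the certificate paths, and the Tomcat connector on `127.0.0.1:8080` are placeholder assumptions, and mod_ssl, mod_headers, mod_proxy and mod_proxy_http are assumed to be loaded.

```apache
# Added example: hostname, certificate paths and backend address are placeholders.

# Plain HTTP: serve nothing, only redirect every request to HTTPS.
<VirtualHost *:80>
    ServerName portal.example.com
    Redirect permanent / https://portal.example.com/
</VirtualHost>

# HTTPS: terminate TLS here and forward to Tomcat on the loopback interface.
<VirtualHost *:443>
    ServerName portal.example.com

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/portal.example.com.crt
    SSLCertificateKeyFile /etc/ssl/private/portal.example.com.key

    # HSTS on every response, including error pages ("always").
    # Browsers only honour this header over HTTPS, so it lives in this vhost.
    # max-age is in seconds (one year here); a browser that has seen it will
    # refuse plain HTTP to this host for that long, so confirm HTTPS works
    # everywhere before raising it from a short test value.
    Header always set Strict-Transport-Security "max-age=31536000"

    # Keep the original Host header so the portal sees the public hostname.
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

Because TLS ends at httpd in this layout, Tomcat only sees plain HTTP from the proxy; the `web.server.protocol=https` setting from the answer is what makes the portal generate `https://` links anyway.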